Hanya Sekedar Informasi:
Apabila Anda ingin Hacking ( Anda Harus Memiliki Tools ini )
Internet Tools Yg Sering di Pergunakan U/ Alat Bantu Hacking:
Bandwidth Meter,
IP Address Scanner,
IP Calculator,
IP Converter,
Port Listener,
Port Scanner,
Ping,
NetStat (2 ways),
Trace Route (2 ways),
TCP/IP Configuration,
Online - Offline Checker,
Resolve Host & IP, Time Sync,
Whois & MX Lookup,
Connect0r,
Connection Analysator and prtotector,
Net Sender,
E-mail seeker,
Net Pager,
Active and Passive port scanner,
Spoofer,
Hack Trapper,
HTTP flooder (DoS),
Mass Website Visiter,
Advanced Port Scanner,
Trojan Hunter (Multi IP),
Port Connecter Tool,
Advanced Spoofer,
Advanced Anonymous E-mailer,
Simple Anonymous E-mailer,
Anonymous E-mailer with Attachment Support,
Mass mailer,
E-mail Bomber,
E-mail Spoofer,
Simple Port Scanner (fast),
Advanced Netstat Monitoring,
X Pinger,
Web Page Scanner,
Fast Port Scanner,
Deep Port Scanner,
Fastest Host Scanner (UDP),
Get Header, Open Port Scanner,
Multi Port Scanner,
HTTP scanner (Open port 80 subnet scanner),
Multi Ping for Cisco Routers,
TCP Packet Sniffer,UDP flooder,
Resolve and Ping, Multi IP ping,
File Dependency Sniffer,
EXE-joiner (bind 2 files),
Encrypter, Advanced Encryption,
File Difference Engine,
File Comparasion,
Mass File Renamer,
Add Bytes to EXE,
Variable Encryption,
Simple File Encryption,
ASCII to Binary (vv),
Enigma, Password Unmasker,
Credit Card Number Validate and generate,
Create Local HTTP Server,
eXtreme UDP Flooder,
Web Server Scanner,
Force Reboot,
Webpage Info Seeker,
Bouncer,
Connection Tester,
Fake Mail Sender,
Bandwidth Monitor,
Remote Desktop Protocol Scanner,
MX Query,
Messenger Packet Sniffer,
API Spy,
DHCP Restart,
File Merger,
E-mail Extractor (crawler bot), Open FTP Scanner
Note :
hacking tool lainnya Bisa didapatkan informasinya? silahkan join
ke #persiwa
On IRC DALnet Server dan silahkan buka link yang ada pada topiknya.
As a Google Labs project, Google Page Creator is still in an early testing phase. If you're interested in taking it for a test drive, login with your Gmail account to begin making pages. If you don't have a Gmail account, never fear — you can sign up here using your mobile phone. We invite you to let us know what you think by sending us your feedback and suggestion.
As a Google Labs project, Google Page Creator is still in an early testing phase. If you're interested in taking it for a test drive, login with your Gmail account to begin making pages. If you don't have a Gmail account, never fear — you can sign up here using your mobile phone. We invite you to let us know what you think by sending us your feedback and suggestion.
Posted: Mon Sep 05, 2005 10:09 pm Post subject: Worm Kangen... bagaimana cara melenyapkan "kangen"
Worm Kangen (Kang.A, Kang.B dan Kang.C menurut Norman AV), merupakan worm lokal, bisa dilihat dari pesan yg ditimbulkan saat 0-day, yaitu lagu dari band DEWA. Mungkin teman2 Oprekerz sudah hapal pisan lirik lagu ini Walaupun mungkin udah basi, tapi sampai sat ini masih banyak rekan2 yg terkena worm ini. Disini dijelaskan cara2 removal worm tanpa antivirus. Karakteristik worm ini yaitu : File utama : kangen.exe Ukuran file : 72 KB (73.728 bytes) Bersembunyi pada folder : Windows\System32 Mendisablekan REGEDIT, Menampilkan lirik lagu Kangen pada START, Saat menjalankan word akan membuat file "kangen.doc" berisi lirik lagu Kangen. Yg paling menyebalkan, worm ini akan menyebar melalui media disket, USB Flash disk dan jaringan tanpa ampun. Worm sejenis yg telah banyak menyebar sebelumnya seperti W32/Tabaru.A (Worm Riyani Jangkaru), W32.Pesin, dan yg terakhir worm Kumis (W32/Kumis.A) dan rata2 tersebar di rental komputer yg tidak dipasang antivirus. Gambar 1
Disini terlihat jelas lirik lagu kangen. Gambar 2
Rutin manipulasi registri Gambar 3
Terlihat bahwa file worm berextensi .EXE dengan gambar icon WORD. Sedangkan file documen word berextensi .DOC Selain itu, bila dilihat file Properties, jelas nampak perbedaan yg mencolok antara file executable dan word document. Rupanya sang kreator worm sangat cerdik dengan memanfaatkan ketidaktahuan para pengguna komputer. Hal tersebut dilihat dari penampilan worm yg mirip file word. Sekarang cara menyingkirkan "kangen" yg mengganggu ini : 1. Masuk ke SAFE MODE (pijit F8 )
Registry Disassembled a basic tutorial
The registry is a hierarchical database that contains virtually all information about your computer's configuration. Under previous version of Windows, those setting where contained in files like config.sys, autoexec.bat, win.ini, system.ini, control.ini and so on. From this you can understand how important the registry is. The structure of the registry is similar to the ini files structure, but it goes beyond the concept of ini files because it offers a hierarchical structure, similar to the folders and files on hard disk. In fact the procedure to get to the elements of the registry is similar to the way to get to folders and files. In this section I would be examing the Win95\98 registry only although NT is quite similar
What is a Rootkit? The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode. ada beberapa jenis Rootkit yg bisa digolongkan jg sbb:
1. Sofware DVD www.dvdshrink.org
2. A firefox extension that is capable to remove all ads http://adblock.mozdev.org/
3. Processor test - leave ONLY CPU (FPU) checkbox checked http://testmem.nm.ru/snm.zip
4. Nforce 2 Tweaker http://www.dslreports.com/r0/download/734662~16a20e046ea7a0fbdfae62b6a9cda22f/nf2tweaker025b.zip
5. jv16 Power Tools - Registry cleaner and freeware alternative in notes http://www.macecraft.com/downloads/jv16pt_setup.exe
6. Windows Washer - Cover up your tracks http://www.webroot.com/php/tryme.php?bjpc=4060&vcode=DT01
7. Shoot The Messenger . http://www.grc.com/files/shootthemessenger.exe
8. Anti virus : AntiVir - http://www.free-av.com/
Avast - http://www.avast.com/i_idt_1018.html
AVG - http://www.grisoft.com/
ClamWin - http://www.clamwin.com/
9. Anti Spyware: Ad-aware - http://www.lavasoft.de/software/adaware/
Bazooka - http://www.kephyr.com/spywarescanner/index.html
Diet K - http://www.dietk.com/
SpyBot Search & Destroy - http://spybot.safer-networking.de/
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard - http://www.wilderssecurity.net/spywareguard.html
WinPatrol - http://www.winpatrol.com/
Apabila Anda ingin Hacking ( Anda Harus Memiliki Tools ini )
Internet Tools Yg Sering di Pergunakan U/ Alat Bantu Hacking:
Bandwidth Meter,
IP Address Scanner,
IP Calculator,
IP Converter,
Port Listener,
Port Scanner,
Ping,
NetStat (2 ways),
Trace Route (2 ways),
TCP/IP Configuration,
Online - Offline Checker,
Resolve Host & IP, Time Sync,
Whois & MX Lookup,
Connect0r,
Connection Analysator and prtotector,
Net Sender,
E-mail seeker,
Net Pager,
Active and Passive port scanner,
Spoofer,
Hack Trapper,
HTTP flooder (DoS),
Mass Website Visiter,
Advanced Port Scanner,
Trojan Hunter (Multi IP),
Port Connecter Tool,
Advanced Spoofer,
Advanced Anonymous E-mailer,
Simple Anonymous E-mailer,
Anonymous E-mailer with Attachment Support,
Mass mailer,
E-mail Bomber,
E-mail Spoofer,
Simple Port Scanner (fast),
Advanced Netstat Monitoring,
X Pinger,
Web Page Scanner,
Fast Port Scanner,
Deep Port Scanner,
Fastest Host Scanner (UDP),
Get Header, Open Port Scanner,
Multi Port Scanner,
HTTP scanner (Open port 80 subnet scanner),
Multi Ping for Cisco Routers,
TCP Packet Sniffer,UDP flooder,
Resolve and Ping, Multi IP ping,
File Dependency Sniffer,
EXE-joiner (bind 2 files),
Encrypter, Advanced Encryption,
File Difference Engine,
File Comparasion,
Mass File Renamer,
Add Bytes to EXE,
Variable Encryption,
Simple File Encryption,
ASCII to Binary (vv),
Enigma, Password Unmasker,
Credit Card Number Validate and generate,
Create Local HTTP Server,
eXtreme UDP Flooder,
Web Server Scanner,
Force Reboot,
Webpage Info Seeker,
Bouncer,
Connection Tester,
Fake Mail Sender,
Bandwidth Monitor,
Remote Desktop Protocol Scanner,
MX Query,
Messenger Packet Sniffer,
API Spy,
DHCP Restart,
File Merger,
E-mail Extractor (crawler bot), Open FTP Scanner
Note :
hacking tool lainnya Bisa didapatkan informasinya? silahkan join
ke #persiwa
On IRC DALnet Server dan silahkan buka link yang ada pada topiknya.
Tips & Trik Download di Rapidshare
Tips & Trik Download Di Rapidshare :
1. To search for ebooks and documents in PDF format on Rapidshare:
pdf "rapidshare.de/files" site:rapidshare.de
2.To download movies and video files:
+inurl:avimpgwmv site:rapidshare.de
3. To download mp3 files from rapidshare:
+inurl:wmamp3 site:rapidshare.de
4.To download software, zipped files, programs from rapidshare:
+inurl:exerarzip site:rapidshare.de
Salam
Mr.DheDay
1. To search for ebooks and documents in PDF format on Rapidshare:
pdf "rapidshare.de/files" site:rapidshare.de
2.To download movies and video files:
+inurl:avimpgwmv site:rapidshare.de
3. To download mp3 files from rapidshare:
+inurl:wmamp3 site:rapidshare.de
4.To download software, zipped files, programs from rapidshare:
+inurl:exerarzip site:rapidshare.de
Salam
Mr.DheDay
HOSTING GRATIS DI GOOGLE PAGES?
Google inc.
Terus
melebarkan sayapnya. Setelah Google Talk, Google Base dan Google
Desktop, kini layanan pembuat web sederhana juga turut diluncurkan.
Adalah Google Page Creator, nama dari layanan pembuat web ini. Google
mengklaim, layanan ini bisa pula digunakan bahkan oleh mereka yang tidak
mengerti kode Hypertext Mark-up Language (HTML). Dengan menyediakan 100
Megabyte tempat penyimpanan gratis dalam server Google, pengguna dapat
menyimpan berbagai foto liburan dan data lainnya untuk dilihat
masyarakat luas secara online. Layanan Google ini dikabarkan akan
menolak jika mendapati implementasi fasilitas e-commerce atau elemen
interaktif tertentu pada halaman pengguna. Untuk bisa menikmati layanan
ini, pengguna harus memiliki rekening di Gmail. Setelah terdaftar,
pengguna akan mendapatkan hosting gratis dengan alamat
'userid.googlepages.com'. Terdapat 41 desain template untuk pengguna
Google Page.
Create your own web pages, quickly and easily.
Google Page Creator is a free online tool that makes it easy for anyone to create and publish useful, attractive web pages in just minutes.
* No technical knowledge required.
Build high-quality web pages without having to learn HTML or use complex software.
* What you see is what you'll get.
Edit your pages right in your browser, seeing exactly how your finished product will look every step along the way.
* Don't worry about hosting.
Your web pages will live on your own site at
Create your own web pages, quickly and easily.
Google Page Creator is a free online tool that makes it easy for anyone to create and publish useful, attractive web pages in just minutes.
* No technical knowledge required.
Build high-quality web pages without having to learn HTML or use complex software.
* What you see is what you'll get.
Edit your pages right in your browser, seeing exactly how your finished product will look every step along the way.
* Don't worry about hosting.
Your web pages will live on your own site at
As a Google Labs project, Google Page Creator is still in an early testing phase. If you're interested in taking it for a test drive, login with your Gmail account to begin making pages. If you don't have a Gmail account, never fear — you can sign up here using your mobile phone. We invite you to let us know what you think by sending us your feedback and suggestion.
HOSTING GRATIS DI GOOGLE PAGES?
Google inc.
Terus
melebarkan sayapnya. Setelah Google Talk, Google Base dan Google
Desktop, kini layanan pembuat web sederhana juga turut diluncurkan.
Adalah Google Page Creator, nama dari layanan pembuat web ini. Google
mengklaim, layanan ini bisa pula digunakan bahkan oleh mereka yang tidak
mengerti kode Hypertext Mark-up Language (HTML). Dengan menyediakan 100
Megabyte tempat penyimpanan gratis dalam server Google, pengguna dapat
menyimpan berbagai foto liburan dan data lainnya untuk dilihat
masyarakat luas secara online. Layanan Google ini dikabarkan akan
menolak jika mendapati implementasi fasilitas e-commerce atau elemen
interaktif tertentu pada halaman pengguna. Untuk bisa menikmati layanan
ini, pengguna harus memiliki rekening di Gmail. Setelah terdaftar,
pengguna akan mendapatkan hosting gratis dengan alamat
'userid.googlepages.com'. Terdapat 41 desain template untuk pengguna
Google Page.
Create your own web pages, quickly and easily.
Google Page Creator is a free online tool that makes it easy for anyone to create and publish useful, attractive web pages in just minutes.
* No technical knowledge required.
Build high-quality web pages without having to learn HTML or use complex software.
* What you see is what you'll get.
Edit your pages right in your browser, seeing exactly how your finished product will look every step along the way.
* Don't worry about hosting.
Your web pages will live on your own site at
Create your own web pages, quickly and easily.
Google Page Creator is a free online tool that makes it easy for anyone to create and publish useful, attractive web pages in just minutes.
* No technical knowledge required.
Build high-quality web pages without having to learn HTML or use complex software.
* What you see is what you'll get.
Edit your pages right in your browser, seeing exactly how your finished product will look every step along the way.
* Don't worry about hosting.
Your web pages will live on your own site at
As a Google Labs project, Google Page Creator is still in an early testing phase. If you're interested in taking it for a test drive, login with your Gmail account to begin making pages. If you don't have a Gmail account, never fear — you can sign up here using your mobile phone. We invite you to let us know what you think by sending us your feedback and suggestion.
MERUBAH PORT SMTP?? GIMANA CARANYA?
gini...
biasanya
ada bbrp kantor yg tak memperbolehkan penggunanya (baca:pegawai) utk
mempergunakan email selain punya kantor,tapiiii pd penggemar beratz
milis yg kudu make email tertentu akan mengalami kesulitan,nah ini ada
dikit tips gini...(lagi) kita tau bahwa port yg dipakai oleh smtp email
secara standard adl port TCP 25 bukan? tapi apakah hanya port itu yg
dipakai? jawabnya "wah ndak mesti mas" bener...nah menurut katalog RFC
(request for comment) nomer 2476
CARA MELENYAPKAN VIRUS "KANGEN"
Worm Kangen (Kang.A, Kang.B dan Kang.C menurut Norman AV),
merupakan
worm lokal, bisa dilihat dari pesan yg ditimbulkan saat 0-day, yaitu
lagu dari band DEWA. Mungkin teman2 Oprekerz sudah hapal pisan lirik
lagu ini Walaupun mungkin udah basi, tapi sampai sat ini masih banyak
rekan2 yg terkena worm ini. Disini dijelaskan cara2 removal worm tanpa
antivirus. Karakteristik worm ini yaitu : File utama : kangen.exe Ukuran
file : 72 KB (73.728 bytes) Bersembunyi pada folder : Windows\System32
Mendisablekan REGEDIT, Menampilkan lirik lagu Kangen pada START, Saat
menjalankan word akan membuat file "kangen.doc" berisi lirik lagu
Kangen. Yg paling menyebalkan, worm ini akan menyebar melalui media
disket, USB Flash disk dan jaringan tanpa ampun. Worm sejenis yg telah
banyak menyebar sebelumnya seperti W32/Tabaru.A (Worm Riyani Jangkaru),
W32.Pesin, dan yg terakhir worm Kumis (W32/Kumis.A) dan rata2 tersebar
di rental komputer yg tidak dipasang antivirus.
Terlihat
bahwa file worm berextensi .EXE dengan gambar icon WORD. Sedangkan file
documen word berextensi .DOC Selain itu, bila dilihat file Properties,
jelas nampak perbedaan yg mencolok antara file executable dan word
document. Rupanya sang kreator worm sangat cerdik dengan memanfaatkan
ketidaktahuan para pengguna komputer. Hal tersebut dilihat dari
penampilan worm yg mirip file word.
Posted: Mon Sep 05, 2005 10:09 pm Post subject: Worm Kangen... bagaimana cara melenyapkan "kangen"
Worm Kangen (Kang.A, Kang.B dan Kang.C menurut Norman AV), merupakan worm lokal, bisa dilihat dari pesan yg ditimbulkan saat 0-day, yaitu lagu dari band DEWA. Mungkin teman2 Oprekerz sudah hapal pisan lirik lagu ini Walaupun mungkin udah basi, tapi sampai sat ini masih banyak rekan2 yg terkena worm ini. Disini dijelaskan cara2 removal worm tanpa antivirus. Karakteristik worm ini yaitu : File utama : kangen.exe Ukuran file : 72 KB (73.728 bytes) Bersembunyi pada folder : Windows\System32 Mendisablekan REGEDIT, Menampilkan lirik lagu Kangen pada START, Saat menjalankan word akan membuat file "kangen.doc" berisi lirik lagu Kangen. Yg paling menyebalkan, worm ini akan menyebar melalui media disket, USB Flash disk dan jaringan tanpa ampun. Worm sejenis yg telah banyak menyebar sebelumnya seperti W32/Tabaru.A (Worm Riyani Jangkaru), W32.Pesin, dan yg terakhir worm Kumis (W32/Kumis.A) dan rata2 tersebar di rental komputer yg tidak dipasang antivirus. Gambar 1
Disini terlihat jelas lirik lagu kangen. Gambar 2
Rutin manipulasi registri Gambar 3
Terlihat bahwa file worm berextensi .EXE dengan gambar icon WORD. Sedangkan file documen word berextensi .DOC Selain itu, bila dilihat file Properties, jelas nampak perbedaan yg mencolok antara file executable dan word document. Rupanya sang kreator worm sangat cerdik dengan memanfaatkan ketidaktahuan para pengguna komputer. Hal tersebut dilihat dari penampilan worm yg mirip file word. Sekarang cara menyingkirkan "kangen" yg mengganggu ini : 1. Masuk ke SAFE MODE (pijit F8 )
2. Jalankan REGEDIT (Start Run ... "regedit" Enter)
3. Browse ke
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current_version\Run
Hilangkan value : CCAPPS, LoadService, OSA dengan data value
C:\%system%\winword.exe dan SymRun
4. Dia akan memblok pengeditan via registri pada normal mode di :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
dengan value : DisableRegistryTools dan DisableTaskMgr
5. Find file bernama : "kangen.exe" di partisi C:, lalu HAPUS.
6.
Tutup registri dan restart. Bagaimana cara penanggulangan agar tidak
terkecoh oleh file "jejadian" ini? Caranya cukup mudah, yaitu selalu
meli
hat file dengan opsi DETAIL dan opsi lain di Tools Folder Option, seperti gambar 4 dibawah.
ERROR AUTO EXE.NT DI WINDOWS? HOW TO??
If you try to
start or install an MS-DOS-based or a 16-bit Windows-based program on
your Windows XP-based computer, you may receive an error message
that is similar to one of the following: 16-bit MS-DOS Subsystem path to the program that you are trying to start or install
C:\Winnt\System32\config.nt
The
system file is not suitable for running MS-DOS and Microsoft Windows
applications. Choose 'Close' to terminate the application. 16-bit MS-DOS
Subsystem path to the program that you are trying to start or install
config.nt The system file is not suitable for running MS-DOS and
Microsoft Windows applications.
Choose
'Close' to terminate the application. 16-bit MS-DOS Subsystem path to
the program that you are trying to start or install
C:\Windows\System32\Autoexec.nt The system file is not suitable for
running MS-DOS and Microsoft Windows applications. Choose 'Close' to
terminate the application. Although you may be prompted to quit the
program or ignore the error message, either selection makes the program
quit
CAUSE This issue may occur if one or more of the following files are missing or damaged:
•Config.nt
•Autoexec.nt
•Command.com
RESOLUTION To resolve this issue:
1. Insert the CD into the CD drive or DVD drive.
2. Click Start, and then click Run.
3. In the Open box, type cmd, and then click OK.
4.
At the command prompt, type the following commands, pressing ENTER
after each command:expand CD-ROM Drive Letter:\i386\config.nt_
c:\windows\system32\config.nt expand CD-ROM Drive
Letter:\i386\autoexec.nt_ c:\windows\system32\autoexec.nt expand CD-ROM
Drive Letter:\i386\command.co_ c:\windows\system32\command.comexit
5.
Start or install the program. If the issue is resolved, do not complete
the remaining steps. If the issue is not resolved, go to the next step.
6. Note: The Command.com file is not edited
or created in this in the following process. Because of this, you may
have to expand it from your Windows XP CD-ROM. Start Notepad.
7. In Notepad, type the following entries: dos=high, umbdevice=%SYSTEMROOT%\system32\himem.sysfiles=40
8. On the File menu, click Save As.
9. In the File Name box, type Config.nt, and then click Save. Close the Config.nt file.
10. On the File menu, click New.
11.
In the new blank document, type the following entries: @echo off lh
%SYSTEMROOT%\system32\mscdexnt.exe lh %SYSTEMROOT%\system32\redir lh
%SYSTEMROOT%\system32\dosx SET BLASTER=A220 I5 D1 P330 T3
12. On the File menu, click Save As.
13. In the File Name box, type Autoexec.nt, and then click Save. Close the Autoexec.nt file.
14. Start Windows Explorer. Locate the Config.nt file, right-click the Config.nt file, and then click Copy.
15. Right-click the %SYSTEMROOT%\System32 folder, and then click Paste.
16. Locate the Autoexec.nt file, right-click the Autoexec.nt file, and then click Copy.
17. Right-click the %SYSTEMROOT%\System32 folder, and then click Paste.
18. Locate the Command.com file, right-click the expanded Command.com file, and then click Copy.
19. Right-click the %SYSTEMROOT%\System32 folder, and then click Paste. Restart your computer.
BASIC TUTORIAL WINDOWS
Registry Disassembled a basic tutorial
The registry is a hierarchical database that contains virtually all information about your computer's configuration. Under previous version of Windows, those setting where contained in files like config.sys, autoexec.bat, win.ini, system.ini, control.ini and so on. From this you can understand how important the registry is. The structure of the registry is similar to the ini files structure, but it goes beyond the concept of ini files because it offers a hierarchical structure, similar to the folders and files on hard disk. In fact the procedure to get to the elements of the registry is similar to the way to get to folders and files. In this section I would be examing the Win95\98 registry only although NT is quite similar
The
Registry Editor The Registry Editor is a utility by the filename
regedit.exe that allows you to see, search, modify and save the registry
database of Windows. The Registry Editor doesn't validate the values
you are writing: it allows any operation. So you have to pay close
attention, because no error message will be shown if you make a wrong
operation. To launch the Registry Editor simply run RegEdit.exe ( under
WinNT run RegEdt32.exe with administer privileges). The registry editor
is divided into two sectios in the left one there is a hierarchical
structure of the database (the screen looks like Windows Explorer) in
the right one there are the values.
The
registry is organized into keys and subkeys. Each key contains a value
entry , each one has a name, a type or a class and the value itself. The
name is a string that identifies the value to the key. The length and
the format of the value is dependent on the data type. As you can see
with the Registry Editor, the registry is divided into five principal
keys: there is no way to add or delete keys at this level. Only two of
these keys are effectively saved on hard disk: HKEY_LOCAL_MACHINE and
HKEY_USERS. The others are jusr branches of the main keys or are
dynamically created by Windows.
HKEY_LOCAL_MACHINE
This key contains any hardware, applications and services information.
Several hardware information is updated automatically while the computer
is booting. The data stored in this key is shared with any user. This
handle has many subkeys:
Config
Contains configuration data for different hardware configurations. Enum
This is the device data. For each device in your computer, you can find
information such as the device type, the hardware manufacturer, device
drivers and the configuration. Hardware This key contains a list of
s*r*al ports, processors and floating point processors. Network Contains
network information. Security Shows you network security information.
Software This key contains data about installed software. System It
contains data that checks which device drivers are used by Windows and
how they are configured
HKEY_CLASSES_ROOT
This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes
and contains OLE, drag'n'drop, shortcut and file association
information. HKEY_CURRENT_CONFIG This key is also an alias. It contains a
copy of the branch HKEY_LOCAL_MACHINE\Config, with the current computer
configuration. HKEY_DYN_DATA Some information stored in the registry
changes frequently, so Windows maintains part of the registry in memory
instead of on the hard disk. For example it stores PnP information and
computer performance. This key has two sub keys Config Manager This key
contains all hardware information problem codes, with their status.
There is also the sub key HKEY_LOCAL_MACHINE\Enum, but written in a
different way. PerfStats It contains performance data about system and
network HKEY_USERS This important key contains the sub key .Default and
another key for each user that has access to the computer. If there is
just one user, only .Default key exists. . Each sub key maintains the
preferences of each user, like the desktop colors, the fonts used, and
also the settings of many programs. If you open a user subkey you will
find five important subkeys: AppEvent It contains the path of audio
files that Windows plays when some events happen. Control Panel Here are
the settings defined in the Control Panel. They used to be stored in
win.ini and control.ini. Keyboard Layouts It contains some advanced code
which identifies the actual keyboard disposition how it is set into the
Control Panel. Network This key stores subkeys that describe current
and recent network shortcuts. RemoteAccess The settings of Remote Access
are stored here. Software Contains all software settings. This data was
stored in win.ini and private .ini files. HKEY_CURRENT_USER It is an
alias to current user of HKEY_USERS. If your computer is not configured
for multi-users usage, it points to the subkey .Default of HKEY_USERS.
Description of .reg file Here I am assuming that you already have a .reg
file on your hard disk and want to know more about how it is
structured.Now do not double click the .reg file or it's content will be
added to the registry, of course there will be warning message that
pops up. Now to view the properties of the .reg file open it in notepad.
To do so first launch notepad by going to
Start>Programs>Accessories>Notepad. Then through the open menu
open the .reg file. Now the thing that differentiates .reg files from
other files is the word REGEDIT4. It is found to be the first word in
all .reg files. If this word is not there then the registry editor
cannot recognize the file to be a .reg file. Then follows the key
declaration which has to be done within square brackets and with the
full path.If the key does not exist then it will be created. After the
key declaration you will see a list of values that have to be set in the
particular key in the registry.The values look like this: "value
name"=type:value Value name is in double commas. Type can be absent for
string values, dword: for dword values and hex: for binary values. For
all other values you have to use the code hex(#): , where # indicate the
API code of the type. So: "My string" = "string value" is a string "My
dword" = dword:123456789 is a dword "My binary" = hex:AA,BB,CC is a
standard binary "My other type" = hex(2):AA,BB,00 is an expand string
Important Note: expand string has API code = 2 and extended string has
API code = 7. As you can see, strings are in double quotes, dword is
hexadecimal and binary is a sequence of hexadecimal byte pairs, with a
comma between each. If you want to add a back slash into a string
remember to repeat it two times, so the value "c:\Windows" will be
"c:\\Windows". Before write a new .reg file, make sure you do this else
you will get an error message. Command Line Registry Arguments
FILENAME.REG to merge a .reg file with the registry /L:SYSTEM to specify
the position of SYSTEM.DAT /R:USER to specify the position of USER.DAT
/e FILENAME.REG [KEY] to export the registry to a file. If the key is
specified, the whole branch will be exported. /c FILENAME.REG to
substitute the entire registry with a .reg file /s to work silently,
without prompt information or Warnings. That wraps up the Windows
Registry.
Monday, May 22, 2006
Mendeteksi Penyusup Pada Komputer Kita
seringkali
kita bertanya-tanya,apakah yg sebenarnya terjadi saat kita terkonek ke
internet? program apa yg running? process apa yg terjadi di background?
dlsb...beberapa orang mengandalkan firewall dan AV system (jg bbrp
program laen) utk melindungi privacy dan keamanan,tapi program2 tsb
berbiaya tinggi (shareware) dan memakan banyak resource,nah disini ada
bbrp software gratis yg bisa melakukan semua itu,yg pd prinsipnya adll
"melihat" dan "mengawasi" apa-apa yg terjd dikala kita berada dlm
jaringan global (internet) maupun internal (standalone/LAN).....
File Description: Sonar is ideal for those who are in the market of catching PC attackers in the act. Sonar will let the attacker connect; however, just long enough to capture their IP address. Then Sonar disconnects the attacker and reports the time, date, IP address, Hostname, Port, and what (if any) data they may have tried to send your way. Now easier than ever to operate!
File Description: Assasin : When malicious software invades your system, the most invasive ones will ensure that they are malignant. Some malware can even startup with the system in Safe Mode and regenerate using a new set of credentials. Thus, your everyday scanner will fail to remove these processes. However, Assassin v1.0.2 has been equipped with the necessary features one will need to terminate and remove almost any hostile process from ones system within minutes and all without rebooting or changing the system configurations.
File Description: Assimilation is the result of assimilating something which is dissimilated. In other words, assimilation is the result of making two dissimilar things similar. Assimilation can be based on a baseline. A baseline is a standard or protocol which is in place for the sake of governing events. In the case of Assimilator v1.0.0, our baseline is a replication of the good processes which run locally on our computers. Assimilator is not a substitute for a firewall but, coupled with a firewall, Assimilator instantly becomes one more layer between you and disaster. smua bisa diperoleh dgn gretong disini...
File Description: Sonar is ideal for those who are in the market of catching PC attackers in the act. Sonar will let the attacker connect; however, just long enough to capture their IP address. Then Sonar disconnects the attacker and reports the time, date, IP address, Hostname, Port, and what (if any) data they may have tried to send your way. Now easier than ever to operate!
File Description: Assasin : When malicious software invades your system, the most invasive ones will ensure that they are malignant. Some malware can even startup with the system in Safe Mode and regenerate using a new set of credentials. Thus, your everyday scanner will fail to remove these processes. However, Assassin v1.0.2 has been equipped with the necessary features one will need to terminate and remove almost any hostile process from ones system within minutes and all without rebooting or changing the system configurations.
File Description: Assimilation is the result of assimilating something which is dissimilated. In other words, assimilation is the result of making two dissimilar things similar. Assimilation can be based on a baseline. A baseline is a standard or protocol which is in place for the sake of governing events. In the case of Assimilator v1.0.0, our baseline is a replication of the good processes which run locally on our computers. Assimilator is not a substitute for a firewall but, coupled with a firewall, Assimilator instantly becomes one more layer between you and disaster. smua bisa diperoleh dgn gretong disini...
What is a Rootkit? The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode. ada beberapa jenis Rootkit yg bisa digolongkan jg sbb:
Persistent
Rootkit: yaitu suatu program yg bekerja dgn self execution saat system
boot,sbb software semacam malware,spy,adware di registry maupun file
system. Memory-Based
Rootkit:adl
malware yg tak mempunyai persisten code dan tak membutuhkan system boot
dlm bekerja,biasanya terjadi pd Http or Ftp transaksi yg berupa
cookies! User-mode Rootkits:adl Rootkit yg bekerja scr terintegrasi dgn
Windows FindFirstFile/FindNextFile APIs,yg bertujuan membuat listing
directory dan program serta membuat log transaksi user,Rootkit ini yg
paling dominan populasinya,menginfeksi dan merubah file2 system dgn cara
duplikasi atau bahkan mengoverwritte dan menyembunyikan dirinya dr task
manager dan system process.
Kernel-Mode:bahkan
lbh berbahaya dan sangat powerfull dibanding Rootkit lainnya,sebab tak
hanya manipulasi tp jg merubah data structur suatu file system.dan
seperti halnya User-Mode,rootkit ini bisa menyembunyikan dirinya dr Task
Manager dan Process List . naaaah amankah kita dari ootkit ini...?
hhmm,ada baiknya kita coba dulu deh gratisan dr www.sysinternal.com ini yaitu ROOTKIT REVEALER gini niiih gambarnya :
Rootkit Revealer bisa diperoleh disini : http://www.sysinternals.com/Files/RootkitRevealer.zip atau kita bisa berkunjung ke forum "Rootkit Revealer" utk mengetahui teknik2 investigasi dan penggunaan nya.disini niiih : http://www.sysinternals.com/Forum/forum_topics.asp?FID=15
atau bisa jg maen ke situs resminya Rootkit !!! di www.rootkit.com pd intinya,Rootkit di satu sisi adl "lawan"
tp di satu sisi yg laen (klo kita mau pelajari lbh mendalam tentunya)
***semogaberguna***
Sofware-Sofware Gratis yg sering di Pergunakan
Ada Banyak permintaan dari Teman-2x? yg minta di kasih ling Sofware-2x? Penting yg sering di pergunakan? Sedikit saya tuliskan ling-ling downloadnya:1. Sofware DVD www.dvdshrink.org
2. A firefox extension that is capable to remove all ads http://adblock.mozdev.org/
3. Processor test - leave ONLY CPU (FPU) checkbox checked http://testmem.nm.ru/snm.zip
4. Nforce 2 Tweaker http://www.dslreports.com/r0/download/734662~16a20e046ea7a0fbdfae62b6a9cda22f/nf2tweaker025b.zip
5. jv16 Power Tools - Registry cleaner and freeware alternative in notes http://www.macecraft.com/downloads/jv16pt_setup.exe
6. Windows Washer - Cover up your tracks http://www.webroot.com/php/tryme.php?bjpc=4060&vcode=DT01
7. Shoot The Messenger . http://www.grc.com/files/shootthemessenger.exe
8. Anti virus : AntiVir - http://www.free-av.com/
Avast - http://www.avast.com/i_idt_1018.html
AVG - http://www.grisoft.com/
ClamWin - http://www.clamwin.com/
9. Anti Spyware: Ad-aware - http://www.lavasoft.de/software/adaware/
Bazooka - http://www.kephyr.com/spywarescanner/index.html
Diet K - http://www.dietk.com/
SpyBot Search & Destroy - http://spybot.safer-networking.de/
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard - http://www.wilderssecurity.net/spywareguard.html
WinPatrol - http://www.winpatrol.com/
0 komentar:
Posting Komentar